fjo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows commands like "x fjo issue ls owner/repo" and the checklist requires confirming a Forgejo instance URL and credentials, indicating the agent will connect to external Forgejo instances and read user-generated issues/PRs (untrusted third-party content) as part of its workflow.